System and Method for Enforcing Quotas on Object Creation in a Replicated Directory Service Database

1. In a distributed directory service system that includes a plurality of directory servers connectable to one another through a network so that directory service objects are replicated through a distributed database among the plurality of directory servers, and wherein at least one of the directory servers is responsible for assigning quotas to network entities that are allowed to create directory service objects, tracking quota consumption of objects by such network entities, and enforcing quota limits as to consumption of objects by such network entities, a computer-readable medium having computer-executable instructions for implementing a method by which the at least one responsible directory server manages the object quotas for such entities, the method comprising steps for: receiving at the at least one responsible server a request for a directory operation from a first entity of the directory service system, the first entity having an object quota assigned to it by the at least one responsible server, and owning a plurality of system objects and tombstones for deleted system objects, and the requested directory operation changing the number of objects owned by the first entity if performed; identifying at the at least one responsible server the assigned quota of the first entity for limiting objects owned by the first entity; calculating a total number of objects as a sum of a number of said system objects of the first entity and a number of the tombstones of the first entity multiplied by a pre-selected fractional tombstone factor; the at least one responsible server then comparing the total number with the quota assigned to the entity to determine whether the quota of the first entity will be exceeded if the requested directory operation is performed; and the at least one responsible server then permitting the requested directory operation to be performed when it is determined that the quota of the entity will not be exceeded, and such that the server fails to permit the requested directory operation to be performed when it is determined that the quota of the entity will be exceeded.

2. A computer-readable medium as in claim 1 , wherein the directory service system has a plurality of entities permitted to create system objects, and wherein the computer-readable medium has further computer-executable instructions for tracking a number of system objects and a number of tombstones owned by each of said plurality of entities.

3. A computer-medium as in claim 2 , where said step of tracking uses a quota table that contains data fields for said each entity indicating the number of system objects and the number of tombstones owned by said each entity.

4. A computer-readable medium as in claim 2 , having further computer-executable instructions for maintaining a plurality of quota assignment objects, each quota assignment object specifying a quota value for a corresponding entity of the directory service system permitted to create system objects.

5. A computer-readable medium as in claim 4 , having further computer-executable instructions for specifying a default quota, and wherein the step of identifying the quota of the first entity uses the default quota as the quota of the first entity if there is no quota assignment object corresponding to the first entity.

6. A computer-readable medium as in claim 4 , having further computer-executable instructions for creating the quota assignment objects.

7. A computer-readable medium as in claim 1 , wherein the requested directory operation is adding a new system object, changing ownership of a system object, or undeleting a deleted system object.

8. A computer-readable medium as in claim 1 , having further computer-executable instructions for performing the step of changing the fractional tombstone factor from a default value.

9. In a distributed directory service system that includes a plurality of directory servers connectable to one another through a network so that directory service objects are replicated through a distributed database among the plurality of directory servers, and wherein at least one of the directory servers is responsible for assigning quotas to network entities that are allowed to create directory service objects, tracking quota consumption of objects by such network entities, and enforcing quota limits as to consumption of objects by such network entities, a method by which the at least one responsible directory server manages the object quotas for such entities, the method comprising steps for: assigning at the at least one responsible server, for each of the plurality of entities, a quota on object creation; receiving at the at least one responsible server a request for a directory operation from a first entity; identifying at the at least one responsible server the quota assigned to the first entity; calculating a total number of objects of the first entity as a sum of a number of said system objects of the first entity and a number of the tombstones of the first entity multiplied by a pre-selected fractional tombstone factor; the at least one responsible server then comparing the total number with the quota assigned to the entity to determine whether the quota of the first entity will be exceeded if the requested directory operation is performed; and the at least one responsible server then permitting the requested directory operation to be performed only when it is determined that the quota of the entity will not be exceeded, and such that the server fails to permit the requested directory operation to be performed when it is determined that the quota of the entity will be exceeded.

10. A method as in claim 9 , wherein the directory service system has a plurality of entities permitted to create system objects, and the method further includes the step of tracking a number of system objects and a number of tombstones owned by each of said plurality of entities.

11. A method as in claim 10 , where said step of tracking uses a quota table that contains data fields for each said entity indicating the number of system objects and the number of tombstones owned by said each entity.

12. A method as in claim 10 , further including the step of maintaining a plurality of quota assignment objects, each quota assignment object specifying a quota value for a corresponding entity of the directory service system permitted to create system objects.

13. A method as in claim 12 , further including the step of specifying a default quota, and wherein the step of identifying a quota of the first entity uses the default quota as the quota for the first entity if there is no quota assignment object corresponding to the first entity.

14. A method as in claim 12 , having further computer-executable instructions for creating the quota assignment objects.

15. A method as in claim 9 , wherein the requested directory operation is adding a new system object, changing ownership of a system object, or undeleting a deleted system object.

16. A method as in claim 9 , further including the step of changing the fractional tombstone factor from a default value.

17. In a distributed directory service system that includes a plurality of directory servers connectable to one another through a network so that directory service objects are replicated through a distributed database among the plurality of directory servers, and wherein at least one of the directory servers is responsible for assigning quotas to network entities that are allowed to create directory service objects, tracking quota consumption of objects by such network entities, and enforcing quota limits as to consumption of objects by such network entities, a computer program product comprised of a computer-readable medium having computer-executable instructions for a data structure used when implementing a method by which the network entities are managed by the at least one responsible directory server with respect to the object quotas for such network entities, the data structure comprising an object-creation quota table used by the at least one responsible directory server in accordance with the method of claim 1 to track and enforce quotas, and which is comprised of: a first data field containing data representing an object-creation quota used by the at least one directory server to assign an object quota to a particular network entity; a second data field containing data representing a number of system objects owned by the particular network entity and which is incremented by the at least one directdry server each time an object is added by the particular network entity by virtue of a directory operation performed by it; a third data field containing data representing a number of tombstones owned by the entity and which is incremented each time an object owned by the particular network entity is deleted or transferred to another network entity, and which is decremented each time a tombstone is removed or each time a deleted object owned by the particular network entity is undeleted; and a fourth data field containing data representing a fractional tombstone factor for the entity which is multiplied against the total number of tombstones in the third data field and then added to the total number of system objects in the second data field and compared to the quota contained in the first data field when the table is used by the at least one directory server to enforce a quota for the particular network entity before allowing the network entity to perform a directory operation that is otherwise calculated to increase the number of objects owned by the particular network entity.

18. The computer-readable medium of claim 17 wherein the object-creation quota is a default quota, and wherein the object-creation quota table data structure further comprises a fifth data field containing data representing an object-creation quota for the entity.